Diffstat (limited to 'views/default/output')
| -rw-r--r-- | views/default/output/access.php | 7 | ||||
| -rw-r--r-- | views/default/output/confirmlink.php | 17 | ||||
| -rw-r--r-- | views/default/output/date.php | 12 | ||||
| -rw-r--r-- | views/default/output/email.php | 4 | ||||
| -rw-r--r-- | views/default/output/img.php | 12 | ||||
| -rw-r--r-- | views/default/output/location.php | 19 | ||||
| -rw-r--r-- | views/default/output/longtext.php | 6 | ||||
| -rw-r--r-- | views/default/output/tag.php | 35 | ||||
| -rw-r--r-- | views/default/output/tagcloud.php | 14 | ||||
| -rw-r--r-- | views/default/output/tags.php | 57 | ||||
| -rw-r--r-- | views/default/output/text.php | 3 | ||||
| -rw-r--r-- | views/default/output/url.php | 15 |
12 files changed, 157 insertions, 44 deletions
diff --git a/views/default/output/access.php b/views/default/output/access.php index f312608d5..5c8d62c4d 100644 --- a/views/default/output/access.php +++ b/views/default/output/access.php @@ -11,6 +11,7 @@ if (isset($vars['entity']) && elgg_instanceof($vars['entity'])) { $access_id = $vars['entity']->access_id; $access_class = 'elgg-access'; $access_id_string = get_readable_access_level($access_id); + $access_id_string = htmlspecialchars($access_id_string, ENT_QUOTES, 'UTF-8', false); // if within a group or shared access collection display group name and open/closed membership status // @todo have a better way to do this instead of checking against subtype / class. @@ -20,7 +21,7 @@ if (isset($vars['entity']) && elgg_instanceof($vars['entity'])) { // we decided to show that the item is in a group, rather than its actual access level // not required. Group ACLs are prepended with "Group: " when written. //$access_id_string = elgg_echo('groups:group') . $container->name; - $membership = $is_group->membership; + $membership = $container->membership; if ($membership == ACCESS_PUBLIC) { $access_class .= ' elgg-access-group-open'; @@ -35,5 +36,7 @@ if (isset($vars['entity']) && elgg_instanceof($vars['entity'])) { $access_class .= ' elgg-access-private'; } - echo "<span class=\"$access_class\">$access_id_string</span>"; + $help_text = elgg_echo('access:help'); + + echo "<span title=\"$help_text\" class=\"$access_class\">$access_id_string</span>"; } diff --git a/views/default/output/confirmlink.php b/views/default/output/confirmlink.php index 5059a656e..532790a38 100644 --- a/views/default/output/confirmlink.php +++ b/views/default/output/confirmlink.php 
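Review bot: In the last hunk of access.php, `$help_text` is interpolated into the `title` attribute without encoding, although the first hunk now encodes `$access_id_string` for the same `<span>`. A translation of `access:help` that contains a double quote or markup would break out of the attribute; whether language strings are fully trusted is not visible here. I would write `$help_text = htmlspecialchars(elgg_echo('access:help'), ENT_QUOTES, 'UTF-8', false);` so both interpolated values are treated alike.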
@@ -6,16 +6,16 @@ * @package Elgg * @subpackage Core * - * @uses $vars['text'] The text of the link - * @uses $vars['href'] The address - * @uses $vars['title'] The title text (defaults to confirm text) - * @uses $vars['confirm'] The dialog text - * @uses $vars['text_encode'] Encode special characters? (false) + * @uses $vars['text'] The text of the link + * @uses $vars['href'] The address + * @uses $vars['title'] The title text (defaults to confirm text) + * @uses $vars['confirm'] The dialog text + * @uses $vars['encode_text'] Run $vars['text'] through htmlspecialchars() (false) */ $vars['rel'] = elgg_extract('confirm', $vars, elgg_echo('question:areyousure')); $vars['rel'] = addslashes($vars['rel']); -$encode = elgg_extract('text_encode', $vars, false); +$encode = elgg_extract('encode_text', $vars, false); // always generate missing action tokens $vars['href'] = elgg_add_action_tokens_to_url(elgg_normalize_url($vars['href']), true); @@ -25,8 +25,8 @@ if ($encode) { $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8', false); } -if (!isset($vars['title'])) { - $vars['title'] = addslashes($confirm); +if (!isset($vars['title']) && isset($vars['confirm'])) { + $vars['title'] = $vars['rel']; } if (isset($vars['class'])) { @@ -41,6 +41,7 @@ if (isset($vars['class'])) { unset($vars['encode_text']); unset($vars['text']); unset($vars['confirm']); +unset($vars['is_trusted']); $attributes = elgg_format_attributes($vars); echo "<a $attributes>$text</a>"; diff --git a/views/default/output/date.php b/views/default/output/date.php index fda7668e7..1644a3480 100644 --- a/views/default/output/date.php +++ b/views/default/output/date.php @@ -6,10 +6,12 @@ * @package Elgg * @subpackage Core * - * @uses $vars['value'] A UNIX epoch timestamp - * + * @uses $vars['value'] Date as text or a Unix timestamp in seconds */ -if ($vars['value'] > 86400) { - echo date("n/d/Y", $vars['value']); -}
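Review bot: Renaming the option to `encode_text` in the first confirmlink.php hunk silently turns encoding off for any caller that still passes `text_encode`: `$encode` falls back to `false` and the link text is echoed as given. The old key is not among the `unset()` calls in the third hunk either, so it would presumably be handed to `elgg_format_attributes()` and rendered as an attribute. If existing callers cannot all be updated at once, accept both spellings, e.g. `$encode = elgg_extract('encode_text', $vars, elgg_extract('text_encode', $vars, false));` plus `unset($vars['text_encode']);` next to the other `unset()` calls.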
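Review bot: In the second confirmlink.php hunk the default `title` is now copied from `$vars['rel']`, which has already been through `addslashes()`, so a confirm message containing a quote will show a literal backslash in the tooltip. `addslashes()` is escaping for whatever script reads `rel`, not for an HTML attribute; attribute encoding is presumably left to `elgg_format_attributes()`, which this diff does not show. Using the unslashed text, `$vars['title'] = $vars['confirm'];`, keeps the tooltip readable and leaves HTML encoding in one place.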
\ No newline at end of file +// convert timestamps to text for display +if (is_numeric($vars['value'])) { + $vars['value'] = gmdate('Y-m-d', $vars['value']); +} + +echo $vars['value']; diff --git a/views/default/output/email.php b/views/default/output/email.php index 00eefad1f..f5a8bc4b8 100644 --- a/views/default/output/email.php +++ b/views/default/output/email.php @@ -10,6 +10,8 @@ * */ +$encoded_value = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8'); + if (!empty($vars['value'])) { - echo "<a href=\"mailto:" . $vars['value'] . "\">". htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false) ."</a>"; + echo "<a href=\"mailto:$encoded_value\">$encoded_value</a>"; }
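Review bot: The new `echo $vars['value'];` in date.php prints a non-numeric value without HTML encoding, and the updated docblock explicitly allows the value to be free text. The `output/text` view in this same commit encodes its value; doing the same here, `echo htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false);`, keeps a stored date string from being rendered as markup. Separately, dropping the `> 86400` guard means a numeric value such as `0` now renders as `1970-01-01`; if the guard was intentional, an explicit empty check or a comment would help.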
\ No newline at end of file diff --git a/views/default/output/img.php b/views/default/output/img.php new file mode 100644 index 000000000..d3f596801 --- /dev/null +++ b/views/default/output/img.php @@ -0,0 +1,12 @@ +<?php +/** + * Elgg image view + * + * @uses string $vars['src'] The image src url. + */ + +$vars['src'] = elgg_normalize_url($vars['src']); +$vars['src'] = elgg_format_url($vars['src']); + +$attributes = elgg_format_attributes($vars); +echo "<img $attributes/>"; diff --git a/views/default/output/location.php b/views/default/output/location.php new file mode 100644 index 000000000..e1009f17d --- /dev/null +++ b/views/default/output/location.php @@ -0,0 +1,19 @@ +<?php +/** + * Display a location + * + * @uses $vars['entity'] The ElggEntity that has a location + * @uses $vars['value'] The location string if the entity is not passed + */ + +if (isset($vars['entity'])) { + $vars['value'] = $vars['entity']->location; + unset($vars['entity']); +} + +// Fixes #4566 we used to allow arrays of strings for location +if (is_array($vars['value'])) { + $vars['value'] = implode(', ', $vars['value']); +} + +echo elgg_view('output/tag', $vars); diff --git a/views/default/output/longtext.php b/views/default/output/longtext.php index ffdfd87cc..589100c4f 100644 --- a/views/default/output/longtext.php +++ b/views/default/output/longtext.php @@ -25,13 +25,13 @@ unset($vars['parse_urls']); $text = $vars['value']; unset($vars['value']); -$text = filter_tags($text); - if ($parse_urls) { $text = parse_urls($text); } -$text = autop($text); +$text = filter_tags($text); + +$text = elgg_autop($text); $attributes = elgg_format_attributes($vars); diff --git a/views/default/output/tag.php b/views/default/output/tag.php new file mode 100644 index 000000000..6bd9a72a7 --- /dev/null +++ b/views/default/output/tag.php 
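Review bot: The longtext.php hunk moves `filter_tags()` after `parse_urls()`, and nothing in the code says that the order matters. The filter now also covers the markup that `parse_urls()` generates, so a later tidy-up that swaps the calls back would presumably reintroduce unfiltered output. I would add a comment above the call, e.g. `// filter after parse_urls() so the anchors it generates are filtered as well`. `elgg_autop()` still runs on the already-filtered text, which is fine only if it adds nothing beyond paragraph and line-break tags; that is not visible in this diff.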
@@ -0,0 +1,35 @@ +<?php +/** + * Elgg single tag output + * + * @uses $vars['value'] String + * @uses $vars['type'] The entity type, optional + * @uses $vars['subtype'] The entity subtype, optional + * + */ + +if (!empty($vars['type'])) { + $type = "&type=" . rawurlencode($vars['type']); +} else { + $type = ""; +} +if (!empty($vars['subtype'])) { + $subtype = "&subtype=" . rawurlencode($vars['subtype']); +} else { + $subtype = ""; +} +if (!empty($vars['object'])) { + $object = "&object=" . rawurlencode($vars['object']); +} else { + $object = ""; +} + +if (isset($vars['value'])) { + $url = elgg_get_site_url() . 'search?q=' . rawurlencode($vars['value']) . "&search_type=tags{$type}{$subtype}{$object}"; + $vars['value'] = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false); + echo elgg_view('output/url', array( + 'href' => $url, + 'text' => $vars['value'], + 'rel' => 'tag', + )); +} diff --git a/views/default/output/tagcloud.php b/views/default/output/tagcloud.php index 22b6cf49d..2fbf1cd0a 100644 --- a/views/default/output/tagcloud.php +++ b/views/default/output/tagcloud.php @@ -39,6 +39,8 @@ if (!empty($vars['tagcloud']) && is_array($vars['tagcloud'])) { $cloud = ''; foreach ($vars['tagcloud'] as $tag) { + $tag->tag = htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8', false); + if ($cloud != '') { $cloud .= ', '; } 
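Review bot: The header of the new tag.php documents `type` and `subtype` but not `$vars['object']`, which the view reads and appends to the search URL. Please add a line such as `* @uses $vars['object'] Optional value for the "object" query parameter`. The `@uses $vars['value'] String` line is also a contract the code does not check: location.php implodes arrays before calling this view, so an `is_string()` guard before `rawurlencode()`, or a note that arrays are not accepted, would make the expectation explicit.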
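Review bot: In tagcloud.php, `$tag->tag` is overwritten with its HTML-encoded form at the top of the loop, and the next hunk then builds the search URL from it with `urlencode($tag->tag)`. A tag containing `&`, a quote or `<` will therefore be searched for in its entity-encoded form (for example `&amp;`) and not as the tag itself, and the caller's tag object is modified as a side effect of rendering. Keep the raw value for the URL and encode a copy for display: `$tag_text = htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8', false);`, then `'text' => $tag_text` while `urlencode($tag->tag)` stays on the original. Whether `title` needs the encoded or the raw copy depends on whether `elgg_format_attributes()` encodes attribute values, which is not shown here.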
@@ -47,9 +49,15 @@ if (!empty($vars['tagcloud']) && is_array($vars['tagcloud'])) { if ($size < 100) { $size = 100; } - $url = elgg_get_site_url()."search?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype"; - $url = elgg_format_url($url); - $cloud .= "<a href=\"$url\" style=\"font-size: $size%\" title=\"".addslashes($tag->tag)." ($tag->total)\">" . htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8') . "</a>"; + $url = "search?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype"; + + $cloud .= elgg_view('output/url', array( + 'text' => $tag->tag, + 'href' => $url, + 'style' => "font-size: $size%;", + 'title' => "$tag->tag ($tag->total)", + 'rel' => 'tag' + )); } $cloud .= elgg_view('tagcloud/extend'); diff --git a/views/default/output/tags.php b/views/default/output/tags.php index 57cb21ea7..db096a3be 100644 --- a/views/default/output/tags.php +++ b/views/default/output/tags.php @@ -7,20 +7,28 @@ * @uses $vars['type'] The entity type, optional * @uses $vars['subtype'] The entity subtype, optional * @uses $vars['entity'] Optional. Entity whose tags are being displayed (metadata ->tags) + * @uses $vars['list_class'] Optional. Additional classes to be passed to <ul> element + * @uses $vars['item_class'] Optional. Additional classes to be passed to <li> elements + * @uses $vars['icon_class'] Optional. Additional classes to be passed to tags icon image */ if (isset($vars['entity'])) { - $defaults['value'] = $vars['entity']->tags; + $vars['tags'] = $vars['entity']->tags; unset($vars['entity']); } +if (!empty($vars['type'])) { + $type = "&type=" . rawurlencode($vars['type']); +} else { + $type = ""; +} if (!empty($vars['subtype'])) { - $subtype = "&subtype=" . urlencode($vars['subtype']); + $subtype = "&subtype=" . rawurlencode($vars['subtype']); } else { $subtype = ""; } if (!empty($vars['object'])) { - $object = "&object=" . urlencode($vars['object']); + $object = "&object=" . rawurlencode($vars['object']); } else { $object = ""; } 
@@ -38,22 +46,37 @@ if (!empty($vars['tags'])) { $vars['tags'] = array($vars['tags']); } - echo '<div>'; - echo elgg_view_icon('tag'); - echo '<ul class="elgg-tags">'; + $list_class = "elgg-tags"; + if (isset($vars['list_class'])) { + $list_class = "$list_class {$vars['list_class']}"; + } + + $item_class = "elgg-tag"; + if (isset($vars['item_class'])) { + $item_class = "$item_class {$vars['item_class']}"; + } + + $icon_class = elgg_extract('icon_class', $vars); + $list_items = '<li>' . elgg_view_icon('tag', $icon_class) . '</li>'; + foreach($vars['tags'] as $tag) { - if (!empty($vars['type'])) { - $type = "&type={$vars['type']}"; - } else { - $type = ""; - } - $url = elgg_get_site_url() . 'search?q=' . urlencode($tag) . "&search_type=tags{$type}{$subtype}{$object}"; + $url = elgg_get_site_url() . 'search?q=' . rawurlencode($tag) . "&search_type=tags{$type}{$subtype}{$object}"; if (is_string($tag)) { - echo '<li>'; - echo elgg_view('output/url', array('href' => $url, 'text' => $tag, 'rel' => 'tag')); - echo '</li>'; + $tag = htmlspecialchars($tag, ENT_QUOTES, 'UTF-8', false); + $list_items .= "<li class=\"$item_class\">"; + $list_items .= elgg_view('output/url', array('href' => $url, 'text' => $tag, 'rel' => 'tag')); + $list_items .= '</li>'; } } - echo '</ul>'; - echo '</div>'; + + $list = <<<___HTML + <div class="clearfix"> + <ul class="$list_class"> + $list_items + </ul> + </div> +___HTML; + + echo $list; } + diff --git a/views/default/output/text.php b/views/default/output/text.php index 2c9242c1d..5cbfc35b0 100644 --- a/views/default/output/text.php +++ b/views/default/output/text.php @@ -6,8 +6,7 @@ * @package Elgg * @subpackage Core * - * @uses $vars['text'] The text to display - * + * @uses $vars['value'] The text to display */ echo htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false);
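Review bot: In the second tags.php hunk, `$vars['list_class']` and `$vars['item_class']` are interpolated directly into `class="…"` on the `<ul>` and `<li>` elements, unlike the tag text, which this hunk does encode. These values presumably come from the calling view, but nothing here stops a value containing a double quote from closing the attribute. Encoding them where they are merged, e.g. `$list_class = "$list_class " . htmlspecialchars($vars['list_class'], ENT_QUOTES, 'UTF-8', false);` (and the same for `item_class`), removes that dependency on the caller. Also, `rawurlencode($tag)` still runs before the `is_string($tag)` check, so a non-string tag reaches it; building `$url` inside the `if` would avoid that.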
\ No newline at end of file diff --git a/views/default/output/url.php b/views/default/output/url.php index 79ab52377..81b02087d 100644 --- a/views/default/output/url.php +++ b/views/default/output/url.php @@ -10,7 +10,7 @@ * @uses string $vars['href'] The unencoded url string * @uses bool $vars['encode_text'] Run $vars['text'] through htmlspecialchars() (false) * @uses bool $vars['is_action'] Is this a link to an action (false) - * + * @uses bool $vars['is_trusted'] Is this link trusted (false) */ $url = elgg_extract('href', $vars, null); @@ -37,11 +37,20 @@ if ($url) { if (elgg_extract('is_action', $vars, false)) { $url = elgg_add_action_tokens_to_url($url, false); - unset($vars['is_action']); + } + + if (!elgg_extract('is_trusted', $vars, false)) { + if (!isset($vars['rel'])) { + $vars['rel'] = 'nofollow'; + $url = strip_tags($url); + } } $vars['href'] = $url; } +unset($vars['is_action']); +unset($vars['is_trusted']); + $attributes = elgg_format_attributes($vars); -echo "<a $attributes>$text</a>";
\ No newline at end of file +echo "<a $attributes>$text</a>"; |
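Review bot: In the second url.php hunk, `$url = strip_tags($url);` sits inside `if (!isset($vars['rel']))`, so an untrusted link whose caller sets `rel` skips it; the tag views in this same commit pass `'rel' => 'tag'` without `is_trusted`. The tag stripping should depend only on trust: move `$url = strip_tags($url);` up one level, directly under `if (!elgg_extract('is_trusted', $vars, false)) {`, and leave only the `nofollow` default inside the `rel` check. `strip_tags()` also does nothing about the URL scheme, so if `href` can carry user input a scheme allow-list is needed somewhere; whether the code above the hunk already provides one is not visible. The new `@uses` line for `is_trusted` would be more useful if it said what being untrusted entails.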
